Re: [spring] We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)
Robert Raszuk <robert@raszuk.net> Fri, 06 December 2019 16:32 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A68E12092D for <ipv6@ietfa.amsl.com>; Fri, 6 Dec 2019 08:32:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xarw0LzVBc-1 for <ipv6@ietfa.amsl.com>; Fri, 6 Dec 2019 08:32:13 -0800 (PST)
Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92D9412094D for <6man@ietf.org>; Fri, 6 Dec 2019 08:31:56 -0800 (PST)
Received: by mail-qt1-x830.google.com with SMTP id v2so7658159qtv.8 for <6man@ietf.org>; Fri, 06 Dec 2019 08:31:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hNGGIgn581zATyUEOnkSln0CBgXB4ziejJJJZQkTO7M=; b=P4284PpCauGZullP6xal3gtkIBF1hvGiDVWRFURmTlLDFSy0zLsTUh5fatJvoO8y8i Nz7THZ6DQwWtzVHULwfzwP2YXg6ec6Vow2ffGIe1QGknM7+XRCOIh0HuEbVBBXFerUUT Uq9Su4iCgIC/zL/waSN/ZSNDykQBwDXGR1Ns75Lbfht9PzCQr5wLkqBK0/FFKvNCMbaw wSydnpaBpSz3Wc4q+e4iTWoGavDvpC+cGVru8J3ehK17gYSe2rsQ895kUhoWnrY/zxOE nKKFlByn8hLTHXTNGh+4578d5KbHVkNbuBsI/xZOBiRF1FiZkUiwp/hs4jUGIzMC5shV STdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hNGGIgn581zATyUEOnkSln0CBgXB4ziejJJJZQkTO7M=; b=Io9XXklaI6A+aiEPmwukOuDeU215iCCXNDCE4Qo203ubnyATd3o2UlgADKfjIRrPxx 7i1ZChCpJmpPKIs7YM/vtzVwIF8FTjymucLqD12/usGd7WAAa0B0I+nvMshY7HfSUH49 lqiOPFEHUnVWhK4fYVXi8/5RnfhMMSeLBQtOHvFawUhusuKL10nw+ojgZlQ0l3xyrf6P hDJrKliuhA78I8zbveiX1wxnPlgenEXwORG+sLI7FEVqGDXcYckQFvFyeikV4wLRv7cC 3mD8JGUmsjuvU3HysNUtBFrzUQJW4QWBHed30sJ9nhb0DqzE1afAEWshZHigwh/oGL79 w14A==
X-Gm-Message-State: APjAAAUm6QW4nIZehGUBR1H7s9nrH9LRAHX25uFdm4iy3FtPQ8LM9lAd eZZCqVescoaHFzqPMWuaVvb+nC3uSYLrSrC7mDBMGg==
X-Google-Smtp-Source: APXvYqwstmtUISW259stdxZyxgQuriAPGLjyTYykQjXuXYUHwO8B41TDINnJLXhp6aQU5tOrxUplui0rq3hcRzer580=
X-Received: by 2002:ac8:37d0:: with SMTP id e16mr13415229qtc.311.1575649915665; Fri, 06 Dec 2019 08:31:55 -0800 (PST)
MIME-Version: 1.0
References: <BN7PR05MB56998A05469327E759B5B671AE5D0@BN7PR05MB5699.namprd05.prod.outlook.com> <3AD3BD11-8C34-41FE-B88F-49A9F2561D78@cisco.com> <BN7PR05MB569946D6AA5C6B78AFC05F6BAE5C0@BN7PR05MB5699.namprd05.prod.outlook.com> <8DEDE597-B7B0-48F5-959E-69757315C2AC@employees.org> <BN7PR05MB56996FFC117F512EEA04AFC8AE5C0@BN7PR05MB5699.namprd05.prod.outlook.com> <4FAB68A3-C533-471D-94D0-3F6EB1F32FC1@employees.org> <1e36a492-5931-02de-cf85-63339522b13a@si6networks.com> <F6DD2C7C-DBBF-4B48-B890-3C86005FB9CF@employees.org> <bb3be82d-8ea7-6c29-ad0a-61b491ee997d@si6networks.com> <8A9BC46E-A018-41C0-BE47-4BABC30EFE79@employees.org> <20191205222740.GA9637@ernw.de> <C7BCB0CF-1CA3-4CA8-9E71-13A013955938@employees.org> <E3C0E460-9329-40B1-ACF6-B9D8F6E2B3DF@steffann.nl> <CAOj+MMHEb4c_bGH-sV9LC+baHJZisTsXUMpTJNbR1j-YEcyqwA@mail.gmail.com> <741EB111-DA80-4895-A7E3-3B71836E6176@steffann.nl>
In-Reply-To: <741EB111-DA80-4895-A7E3-3B71836E6176@steffann.nl>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 06 Dec 2019 17:31:47 +0100
Message-ID: <CAOj+MMGe5KQeN2BFr9r6W1WV80BGuq8oi14tFdOJSnfymjTLLQ@mail.gmail.com>
Subject: Re: [spring] We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)
To: Sander Steffann <sander@steffann.nl>
Cc: SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>, "int-ads@ietf.org" <int-ads@ietf.org>, rtg-ads <rtg-ads@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000839e7a05990b9595"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/RwdKmUIU3qWUCF1eBN4jSZ77HmA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 16:32:20 -0000
Hi, Inline. On Fri, Dec 6, 2019 at 5:21 PM Sander Steffann <sander@steffann.nl> wrote: > Hi Robert, > > > To your specific first question this is very popular deployment model .. > just look at SDWANs. So Internet is just a L3 transport for all routers in > your administrative domain or global WAN. Spot on. I do sincerely hope that > whatever the result be of this debate all features will be legal to run on > my boxes regardless how I choose to interconnect them. > > > > As (Internet) transit boxes would never be destination addresses of the > outermost header what problem do you see running anything one likes on R1 > or R2 or R3 and transporting it via open Internet or perhaps some third > party networks ? > > So this is basically a tunnel over the open internet with all tunnel > endpoints in the same (or cooperating) administrative domain. In that case > it's indeed up to the participants to deal with and debug. > Ok very cool. So it looks like we have quick and easy agreement on that one. Chairs please take a note on that. So the tunnel model I don't mind. Can we be certain it indeed fits all > deployments and leaking isn't possible. Theory and practice are the same in > theory, but not in practice :) > Very true - no argument. But what is "leaking" ? If I am forwarding within my own address space as we just agreed this is ok - no leaking. Now if I will construct the packet stuff it with whatever legal or illegal EHs and send it towards the address that does not belong to me - this is not leaking but an attack vector. Can this happen - oh yes. Almost certainly it will happen. So we need to protect our edges from such attacks regardless what 6man or spring or xyz will standardize or allow to insert or remove from the packet header. Sounds to me like a very important topic but a bit orthogonal to subject of this specific thread. Many thx, R.
- Network Programming - Penultimate Segment Popping Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… otroan
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… otroan
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- We don't seem to be following our processes (Re: … Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Tom Herbert
- RE: We don't seem to be following our processes (… Ron Bonica
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Enno Rey
- Re: We don't seem to be following our processes (… Enno Rey
- RE: We don't seem to be following our processes (… Ron Bonica
- Re: We don't seem to be following our processes (… Bob Hinden
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Sander Steffann
- Re: We don't seem to be following our processes (… Alexandre Petrescu
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Sander Steffann
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: We don't seem to be following our processes (… Bob Hinden
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… otroan
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… otroan
- RE: [spring] We don't seem to be following our pr… Ron Bonica
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: [spring] We don't seem to be following our pr… otroan
- RE: [spring] We don't seem to be following our pr… Ron Bonica
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- Re: We don't seem to be following our processes (… Fernando Gont
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: [spring] We don't seem to be following our pr… Ole Troan
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: [spring] We don't seem to be following our pr… Sander Steffann
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… otroan
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… Ole Troan
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Separating issues (was Re: [spring] We don't seem… Suresh Krishnan
- RE: Separating issues (was Re: [spring] We don't … Ketan Talaulikar (ketant)
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Mark Smith
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… otroan
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Alexandre Petrescu
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Darren Dukes (ddukes)
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: Network Programming - Penultimate Segment Pop… Tom Herbert
- Re: [spring] Network Programming - Penultimate Se… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: We don't seem to be following our processes (… Mark Smith
- IPv6 header insertion in a controlled domain otroan
- IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Joel M. Halpern
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Tom Herbert
- Re: IPv6 header insertion in a controlled domain jmh.direct@joelhalpern.com
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain otroan
- Re: We don't seem to be following our processes (… Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Brian E Carpenter
- Re: IPv6 header insertion in a controlled domain Warren Kumari
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- RE: We don't seem to be following our processes (… Ron Bonica
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain otroan
- RE: [spring] We don't seem to be following our pr… bruno.decraene
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: IPv6 header insertion in a controlled domain Tom Herbert
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: topics to circulate Alexandre Petrescu
- Re: topics to circulate Gyan Mishra
- Re: topics to circulate Erik Kline
- Re: topics to circulate Alexandre Petrescu
- Re: topics to circulate Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Alexandre Petrescu